Department of Education Learned the ABCs of Cybersecurity Risk from TDI. Our Lessons - Years in the Making – Helped DoED “Graduate.”
TDI performed a complete cybersecurity risk assessment of the Postsecondary Education Participants System (PEPS) at the Department of Education. The risk assessment was part of an overall Federal Information Security Management Act (FISMA) evaluation.
To complete our task, we performed a comprehensive examination of the cybersecurity measures and controls, of both a technical and practical nature, used by PEPS. We gathered information about vulnerabilities through technical assessments, interviews, site visits, review of documentation, and onsite observation of procedures. TDI followed multiple guidelines during this process including National Institute of Standards and Technology (NIST) Special Publications and Office of Management and Budget (OMB) Circulars.
TDI’s risk assessment assured that PEPS adhered to a given set of cybersecurity requirements. When it was completed, the cybersecurity certification process revealed pertinent information about the threats, vulnerabilities, and risks existing in PEPS. Each identified risk received an associated quantitative form of measurement to evaluate it on a relative scale. Ultimately, our risk assessment provided the foundation for the PEPS Department of Education accreditation decision.
PEPS is the Federal Student Aid’s (FSA) management information system of all organizations that have a role in administering Federal Student Aid and other Higher Education Act programs. PEPS stores and maintains eligibility, certification, demographic, financial, review, audit, and default rate data about Schools, Lenders and Guarantors participating in the Title IV programs.